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DETAILED ACTION 

1. This action is in response to the communication filed on May 13, 2005. Claims 1- 
14 and 18-20 have been amended. No new Claims have been added. Claims 1 - 23 
are pending. 

Response to Remarks/Arguments 
Specification 

2. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. 

The following title is suggested: Method for securely supporting password 
change. 

Examiner, upon request from the Applicant, carefully has considered the material 
of paragraph 36 and 37 of the present application and found no justification for the 
current title. Instant application disclosure of paragraph 36 and 37 directs to "..changing 
of passwords of several systems/files/applications simultaneously." and a password 
entered in accordance of the above described process is optionally long and complex 
since there is no need to remember the password." Applicant is directed to Microsoft 
Computer Dictionary (Page 483, Fifth Edition) for definition of Single sign-on, and is 
provided here, for immediate reference. 
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Single sign-on: A system enabling a user to enter one name and password to log 
onto different computer systems or web sites. Single sign-on is also available for 
enterprise systems so a user with a domain account can log on to a network once, 
using a password or smart card, and thereby gain access to any computer in the 
domain. 

Instant application discloses "a method of securely supporting password change 
paragraph 28 to 32 and 34 to 40. Examiner would like to remind the applicant that 
the title should reflect and be indicative of the invention to which the claims are directed. 

3. The disclosure is objected to because of the following informalities: Too many 
typographical mistakes and spacing problems. For example on Page 1, paragraph 
[0003], replace "company 1 ss" with "company's" and paragraph [0004], replace 
"password 's" with "password". 

Objection to the disclosure is maintained. 

Appropriate and careful corrections throughout specification are required. 

4. Applicant's remarks/arguments filed on May 13, 2005, with respect to amended 
Claims 1-14 and 18-20, have been fully considered but they are not persuasive. 

Referring to the previous Office action, Examiner had cited relevant portions of 
the references as a means to illustrate the system as taught by the prior art. As a. 
means of providing further clarification as to what is taught by the references used in the 
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first office action, Examiner has expanded the teachings for comprehensibility while 
maintaining the same grounds of rejection of the claims. 

5. Claims 1 - 7, 1 1 , 1 8 - 20 are rejected under 35 U.S.C. 1 02(b) as being clearly 
anticipated by Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell"). 
Claims 8-10 and 12 - 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bell in view of Novoa et al. (U.S. Patent Number 6,636,973, hereinafter "Novoa"). 

6. Bell teaches a method for providing security and password mechanism to a 
system, wherein passwords must meet certain criteria including expiration time, 
password security and preventing previously used passwords. 

Nova teaches the process of changing a password preferably using the current 
password (i.e., the password about to be changed) or the user's template value 
generated during log on as a seed value to generate a random alphanumeric string 
(password). 

7. Regarding amended independent Claims 1 , 5, 7 and 20, Applicant agrees that 
Bell teaches a system that receives passwords and determines if they are acceptable 
prior to providing them to a password database, but argues that the distinction between 
the prior art and the instant application is that "storing data indicative of the new 
password in a database other than a password database", "providing a prompt to a user 
when an operation to change password is detected", "storing the new password in a 
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database independent of the change password operation and the data where the 
changed password is stored", "detecting a password change operation in execution on a 
system; displaying to user a prompt for authentication information in response to 
detecting the change password operation in execution and other than occurring as an 
operation of the change password operation" and "automatically generating new 
password". These arguments are not persuasive. 

Bell discloses a method for providing security and password mechanisms in a 
database system. Passwords used by a client must meet certain criteria, such as, the 
password must not be identical to the previous passwords used within a threshold 
period of time. Furthermore, Bell discloses that access is blocked for clients whose 
password has not been changed for a threshold period of time. Bell teaches "storing 
data indicative of the new password in a database other than a password database" 
(Column 4 lines 33 - 42 and Column 6 line 66 - Column 7 line 16), "providing a prompt 
to a user when an operation to change password is detected" (Column 4 lines 33 - 40 
and Column 6 lines 1 - 22), "storing the new password in a database independent of 
the change password operation and the data where the changed password is stored" 
(Column 6 lines 1 1 -36 and Column 7 lines 4-19), "detecting a password change 
operation in execution on a system; displaying to user a prompt for authentication 
information in response to detecting the change password operation in execution and 
other than occurring as an operation of the change password operation (Column 3 lines 
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29 - 52 and Column 4 lines 5 - 40)" and "automatically generating new password" 
(Column 1 lines 1 1 - 34 and Column 7 lines 4-19). 

8. Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that cited prior art does teach or suggest the subject matter broadly 
recited in independent claims 1, 5, 7 and 20. Dependent claims 2 -4, 6, 8 - 19 and 21 
- 23 are also rejected at least by virtue of their dependency on independent claims and 
by other reason set forth in this office action. 

Accordingly, the rejection for the pending Claims 1 - 23 is respectfully 
maintained. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.SC 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

9. Claims 1 -7, 11, 18 - 20 are rejected under 35 U.S.C. 102(b) as being clearly 
anticipated by Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell"). 
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Regarding Claim 1 , Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising: 

detecting an occurrence of a password change operation in execution on a 
system (Bell Column 4 lines 5 - 37); 

detecting a new password when provided (Bell Column 4 lines 33 - 40); and, 
storing data indicative of the new password in a database other than the 
password database associated with the password change operation for later retrieval, 
the data indicative of the new password for use in providing the new password provision 
to the system automatically (Bell Column 4 lines 33 - 42 and Column 6 line 66 - 
Column 7 line 16). 

Regarding Claim 5, Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising: 

detecting a change password operation in execution on a system for changing a 
first password (Bell Column 4 lines 5 - 37); 

displaying to a user a prompt for a new password in response to detecting the 
change password operation in execution and other than occurring as an operation of the 
change password operation (Bell Column 3 lines 29 - 52 and Column 4 lines 33 - 40); 

receiving the new password (Bell Column 4 lines 33 - 40); 
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performing an operation to change the password to the new password in the 
system (Bell Column 4 lines 33 - 40 and Column 6 lines 1 - 22); and, 

storing the new password in a database independent of the change password 
operation and independent of a database where at least a changed password is stored 
by the change password operation (Bell Column 6 lines 1 1 - 36). 

Regarding Claim 7, Bell teaches and describes a method of securely supporting 
password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), 
comprising: 

detecting a password change operation in execution on a system (Column 4 lines 
5-37); 

displaying to a user a prompt for authentication information in response to 
detecting the change password operation in execution and other than occurring as an 
operation of the change password operation (Bell Column 3 lines 29 - 52 and Column 4 
lines 33-40); 

receiving the authentication information (Bell Column 4 lines 20 - 33 and Column 
5 lines 47 - 53); 

when the authentication information is indicative of a known user, performing an 
operation to change the password of the known user to a new password in the system 
(Bell Column 4 lines 33 - 42; Column 5 lines 54- 59 and Column 6 line 66 - Column 7 
line 13); and, 
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storing the new password in a database independent of the change password 
operation and of the database where at least a changed password is stored (Bell 
Column 6 lines 1 1 - 36 and Column 7 lines 4-19). 

Regarding Claim 20, Bell teaches and describes a method of securely supporting 
a password change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 
19), comprising: 

detecting a password change operation in execution on a system having a known 
user authorized thereon (Bell Column 4 lines 5 - 37); 

automatically generating a new password in response to detecting the password 
change operation and other than occurring as an operation of the change password 
operation (Bell Column 1 lines 1 1 - 34 and Column 7 lines 4-19); 

performing an operation to change the password to a new password in the 
system (Bell Column 4 lines 33 - 42; Column 5 lines 54- 59 and Column 6 line 66 - 
Column 7 line 13); and, 

storing the new password in a database independent of the change password 
operation and of the database where at least a changed password is stored (Bell 
Column 6 lines 1 1 - 36 and Column 7 lines 4-19). 

Claim 2 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein detecting an 
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occurrence of a change of password operating in execution on a system comprises 
detecting a new password prompt (Bell Column 4 lines 33 - 37) 

Claim 3 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising the steps of: 

prompting a user to provide authorization data, the authorization data being other 
than the new password (Bell Column 2 lines 34 - 41 and Column 4 lines 33 - 37); and 

associating the authorization data with the newpassword (Bell Column 2 lines 34 
- 59; Column 4 lines 20 - 42 and Column 7 lines 4-19). 

Claim 4 is rejected applied as above in rejecting Claim 1. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein detecting the new 
password comprises detecting the new password at least two separate times (Bell 
Column 3 line 56 - Column 4 line 42). 

Claim 6 is rejected applied as above in rejecting Claim 5. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein detecting the change 
password operation in execution on a system comprises detecting password change 
command operations (Bell Column 4 line 33 - 37). 
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Claim 11 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein performing an 
operation to change the password comprises providing the new password to the 
system (Bell Column 7 lines 5-19). 

Claim 18 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising performing another 
operation to change another password of known user to the new password (Bell 
Column 7 lines 5 - 19). 

Claim 19 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising: 

determining within the password database and associated with a same user all 
passwords identical to the password being changed and automatically performing at 
least another operation to change each identical password of the known user to the new 
password (Bell Column 8 line 46 - Column 9 line 9). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 8- 10 and 12 - 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell") in 
view of Novoa et al. (U.S. Patent Number 6,636,973, hereinafter "Novoa"). 

Claim 8 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 1 9), prompt for authentication 
information (Bell Column 4 lines 5 - 37). Bell does not teach that the prompt for 
authentication information is a prompt for biometric information. However, Novoa 
discloses a biometrics-based password change method for securely changing password 
includes prompting for authentication information wherein authentication information a 
prompt for biometric information (Column 4 lines 40 - 63 and Column 5 lines 3 - 43). 
Therefore it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to modify Novoa's biometric-based password change method 
into the securely password changing method of Belle's. 
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Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26). One of ordinary skill in the art would have been 
motivated to modify Bell by Novoa as discussed above because in a password based 
system, an unauthorized person who is able to obtain a valid password can still access 
the system while in a biometric-based system, the user needs both password and 
biometric information to access the system, thus using biometric authentication 
information would increase and improve network and system security as taught by 
Novoa. 

Claim 9 is rejected applied as above in rejecting Claim 8. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), comprising: 

providing biometric information (Novoa Column 4 lines 59 - 61 and Column 6 
lines 27» 41); 

processing the provided biometric information to provide the biometric data 
(Novoa Column 6 lines 67 - Column 7 line 65); 

comparing the biometric data with a stored template (Novoa Column 7 lines 36 - 
65); and 
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in dependence upon a comparison result retrieving a user password from a 
database (Novoa Column 7 line 36- Column 8 line 10). 

Claim 10 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein the prompt for 
authentication information prompt for information relating to data stored in a memory of 
a smart card (Novoa Column 7 lines 29 - 35). 

Claim 12 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein performing an 
operation to change the password comprises prompting the user to select between 
provision of the new password and automatic generation of the new password (Novoa 
Column 7 lines 1 - 10 and lines 39 - 54). 

Claim 14 is rejected applied as above in rejecting Claim 7. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein performing an 
operation to change the password comprises automatically generation of the new 
password (Novoa Column 7 lines 1-10 and lines 39 - 54). 



Application/Control Number: 09/977,202 Page 15 

Art Unit: 2136 

Claims 15 and 21 are rejected applied as above in rejecting Claims 13 and 20. 
Furthermore, Bell teaches arid describes a method of securely supporting password 
change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), wherein 
the automatically generated new password is unknown to the user (Novoa Column 7 
lines 1 - 10 and lines 39 - 54). 

Claim 13 is rejected applied as above in rejecting Claim 12. Furthermore, Bell 
teaches and describes a method of securely supporting password change (Bell Fig. 1 - 
5; Summary and Column 3 line 29 - Column 7 line 19), wherein performing an 
operation to change the password comprises automatically generation of the new 
password (Novoa Column 7 lines 1-10 and lines 39 - 54). 

11. Claims 16, 17, 22 and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bellemore et al. (U.S. Patent Number 5,944,825, hereinafter "Bell") in 
view of Novoa et al. (U.S. Patent Number 6,636,973, hereinafter "Novoa") further in 
view of Schneier (Bruce Schneier "Applied Cryptography, Second edition; hereinafter 
"Schneier"). 

Claims 16 and 22 are rejected applied as above in rejecting Claims 15 and 21 . 
Furthermore, Bell teaches and describes a method of securely supporting password 
change (Bell Fig. 1 - 5; Summary and Column 3 line 29 - Column 7 line 19), wherein 
the automatically generated new password is an encryption key (Bell Column 7 lines 5 - 
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1 9 and Novoa Column 7 lines 1-10 and lines 39 - 54 and Column 8 lines 11 - 1 8). 
Bell discloses securely changing password and Novoa discloses automatically 
generating new password. Even when taken together, Bell and Novoa do not disclose 
that the newly generated password is an encryption key. However, Schneier teaches 
that the passwords that are generated using randomly as taught by Novoa can be used 
as encryption keys (Schneier Pages 173 and 174). Therefore it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
modify Novoa's biometric-based password change method into the securely password 
changing method of Belle's and to use the automatically generated password as an 
encryption key. 

Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26) wherein the password is an encryption as taught by 
Schneier. One of ordinary skill in the art would have been motivated to modify Bell by 
Novoa and Schneier as discussed above because in a password based system, an 
unauthorized person who is able to obtain a valid password can still access the system 
while in a biometric-based system, the user needs both password and biometric 
information to access the system, thus using biometric authentication information would 
increase and improve network and system security as taught by Novoa wherein the 
password is an encryption key, as taught by Schneier. 
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Claims 17 and 23 are rejected applied as above in rejecting Claims 16 and 22. 
Furthermore, Bell teaches and describes a method of securely supporting password 
change (Bell Fig. 1 - 5, Summary and Column 3 line 29- Column 7 line 19) Bell 
discloses securely changing password and Novoa discloses automatically generating 
new password (Bell Column 7 lines 5-19 and Novoa Column 7 lines 1-10 and lines 
39 - 54 and Column 8 lines 11 - 18). Even when taken together, Bell and Novoa do not 
disclose that the new password is encrypted using the encryption key. However, 
Schneier teaches that the new password is encrypted using the encryption key 
(Schneier Page 173 and 174). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to modify Novoa's biometric- 
based password change method into the securely password changing method of Belle's 
and to encrypt the password using an encryption key to provide secure password. 

Bell could have been modified by Novoa to arrive at the claimed invention by 
having the database, security process that are adapted for monitoring and detecting the 
password change request to request for the authentication information (Bell Column 4 
lines 5 - 37) to be biometric information as taught by Novoa (Novoa Column 2 lines 27 
- 41 and Column 6 lines 3 - 26) wherein the password is encrypted using the 
encryption key as taught by Schneier. One of ordinary skill in the art would have been 
motivated to modify Bell by Novoa and Schneier as discussed above because in a 
password based system, an unauthorized person who is able to obtain a valid password 
can still access the system while in a biometric-based system, the user needs both 
password and biometric information to access the system, thus using biometric 



Application/Control Number: 09/977,202 Page 18 

Art Unit: 2136 

authentication information would increase and improve network and system security as 
taught by Novoa wherein the password is encrypted using the encryption key which is 
difficult to decrypt without the key, as taught by Schneier. 



Conclusion 

12. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

13. Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
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applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

14. Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those are cited, they are 
required to bring the prior art to the attention of the examiner. 

15. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272r3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on 571-232-3795. Any inquiry of a general nature or relating to 
the status of this application or proceeding should be directed to the receptionist whose 
telephone number is 703-305-3900. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 

Pramila Parthasarathy 



July 10, 2005. 
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